http://bugzilla.moblin.org/show_bug.cgi?id=7838
--- Comment #39 from Chen Congwu <[email protected]> 2010-04-14 00:33:20 PST ---
(In reply to comment #38)
> (In reply to comment #37)
> > (In reply to comment #36)
> > > (In reply to comment #35)
> > > Key point that I haven't seen discussed is:
> > > - How does the user set up a server so that it
> > >   can create new configs correctly? In particular,
> > >   which username/password is expected by the server?
> > Using 'SyncEvolution Client' template is enough (of course syncURL should be
> > set correctly), username/password was already inside the template.
>
> In other words, the whole world knows the credentials which are necessary to
> connect to my machine, create a config and access my data, and that as soon as
> I start syncevo-http-server. This is not secure ;-)

Ah, good catch!

> I see several solutions:
> 1. Add username/password as command line options to syncevo-http-server,
>    communicate them to syncevo-dbus-server when a new request comes in,
>    using new keys in the meta information. syncevo-dbus-server then
>    uses those credentials.
> 2. We add new config properties, to be set inside
>    ~/.config/syncevolution/config.ini, which specify the default
>    credentials.
>
> In both cases creating new configs is disabled if no credentials are set.
>
> Solution 1 has the advantage that this feature is discoverable by users of
> syncevo-http-server and can be set on a case-by-case basis (run daemon with
> specific credentials, connect with new client, restart daemon without
> credentials or different ones for a different client).
>
> Solution 2 has the advantage that it can (and should) reuse the secure
> password storage features of syncevo-dbus-server.
>
> I tend to prefer solution 1, although it might be worth asking on the mailing
> list.

I like solution 1 too, such a credential is part of the HTTP server I think.

> > > - What is the naming of the new configs?
> > The name is 'deviceID-time', any better ideas?
>
> Can we compose the name from manufacturer + model? That may only work after
> completing the sync and thus would depend on renaming the config.

That still may not be unique, so we still have to append some string to make it
unique. I think the real problem is we should find a way to notify the user
that we have created a configuration named xxx for the client, so that he
understands the configuration name.

> > > I'm not sure yet whether we need the property. Can't we just define that
> > > configuration "temporary-config" is "reusable"?
> > That can work if we hook at the end of the first successful session, at
> > which point we have to rename the config from 'temporary-config' to a
> > permanent config for that peer 'deviceID-time'
> > It works but I think renaming a configuration is a bit confusing.
>
> Why? Because the user sees a "temporary-config"?

Exactly, that's really confusing when I sync with the same client: the first
time the server said 'temporary-config', later some other name. If there is a UI
that depicts profile information about such a sync, the sync history would also
be confusing.
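
The gate discussed in the comment above (operator-chosen credentials, with "creating new configs is disabled if no credentials are set") together with the 'deviceID-time' naming, as an added Python example that is not SyncEvolution code and not part of the original comment. The function names, the `operator_creds` parameter and the template credential values are hypothetical.

```python
import hmac
import re
import time

# Constructed placeholder for credentials published in a template (not real values).
PUBLIC_TEMPLATE_CREDS = ("template-user", "template-password")


class ConfigCreationDenied(Exception):
    """An unknown peer is not allowed to trigger creation of a new config."""


def _equal(a, b):
    # Constant-time comparison: timing does not reveal how much matched.
    return hmac.compare_digest(a.encode("utf-8"), b.encode("utf-8"))


def may_create_config(operator_creds, user, password):
    """Gate config creation for an unknown peer.

    operator_creds: (user, password) chosen when the daemon was started,
    or None if it was started without credentials (hypothetical parameter).
    """
    if not operator_creds or not all(operator_creds):
        raise ConfigCreationDenied("no credentials set, config creation disabled")
    if tuple(operator_creds) == PUBLIC_TEMPLATE_CREDS:
        raise ConfigCreationDenied("credentials are the published template defaults")
    user_ok = _equal(user, operator_creds[0])
    password_ok = _equal(password, operator_creds[1])  # always evaluated
    if not (user_ok and password_ok):
        raise ConfigCreationDenied("credentials do not match")
    return True


def new_config_name(device_id, existing, now=None):
    """Return a unique 'deviceID-time' name; device_id is client-supplied."""
    # Assumption: the name becomes a directory name, so keep only safe characters.
    safe_id = re.sub(r"[^A-Za-z0-9_-]", "_", device_id) or "unknown"
    base = f"{safe_id}-{int(time.time() if now is None else now)}"
    name, counter = base, 1
    while name in existing:  # same device, same second: append a counter
        counter += 1
        name = f"{base}-{counter}"
    return name
```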
